hxxp://www[.]y2mate[.]com

Analysis

max time kernel
90s
max time network
99s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
20/11/2023, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.y2mate.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3724	firefox.exe
Token: SeDebugPrivilege	3724	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe
3724	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 996 wrote to memory of 3724	996	firefox.exe	70
PID 3724 wrote to memory of 3124	3724	firefox.exe	71
PID 3724 wrote to memory of 3124	3724	firefox.exe	71
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3672	3724	firefox.exe	72
PID 3724 wrote to memory of 3608	3724	firefox.exe	73
PID 3724 wrote to memory of 3608	3724	firefox.exe	73
PID 3724 wrote to memory of 3608	3724	firefox.exe	73

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.y2mate.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.y2mate.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.0.1150676180\1655619641" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbe39306-cf95-411d-808e-5b5ece77a4ef} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 1792 2072bfed058 gpu
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.1.965111620\2140047464" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c32b4ca-5cef-40e9-957a-de50fff1e935} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 2168 2072bef9b58 socket
    3⤵
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.2.1472147530\1884713120" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2684 -prefsLen 21835 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36edfd91-0f3b-45d1-b1d9-8f445f9284f0} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 2704 207300f1758 tab
    3⤵
    PID:3608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.3.1572938997\409712270" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a4edc67-37b6-4edc-a05d-bb1029a59e5a} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 3636 20719c68158 tab
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.4.627566347\716058853" -childID 3 -isForBrowser -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d87608e4-e15a-4d34-add9-cbddc49bf1b8} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 4580 2073007bb58 tab
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.6.720229015\1566833014" -childID 5 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47a9e021-15c0-412f-916b-324b322857d4} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 4980 20733680e58 tab
    3⤵
    PID:4292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.7.627119757\1526332722" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51d3bb96-199f-4431-98c1-581b229e56e3} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 5160 2073334b658 tab
    3⤵
    PID:1276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.5.1907348053\623464879" -childID 4 -isForBrowser -prefsHandle 3528 -prefMapHandle 4236 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccb7d2bf-5b2c-4fdc-b13f-a48f863bfd1d} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 3536 20733349558 tab
    3⤵
    PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
78ac0d9ff372ba4125a66ab686ae8466

SHA1
5d42de5cd98febe8bfbe9fe6f55a35cd50e8a25d

SHA256
0a321329fc9c85fb35d7fb4cbdb1a2e5ca4d814636013d9ca75ef132cb59ae72

SHA512
04fd6177a92d3dc059796bb65d9ee6785db51f5f38784b7a7a692239c585affffecf5dc432188731df5a3b23a58a65e17ae78c29ba86fae3db75276e385b7ff1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\doomed\7646

Filesize
11KB

MD5
6ca0692153a4703518e96cf18252ba6d

SHA1
6b202f0f2fc1735d4110793ff8fd9319ba4d2159

SHA256
b4a40b82316f504841428f0aabccb7200fbc7d3d95dfd9057331c295b5f53267

SHA512
be7b9bbef99fd8512048c53bd04d850dabaa8571627912c7514b79f08aca2743554c4033af36a6ed70b8fb9c95c41d2d97a0ab1b644dc788ae3d510c5449803c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\624E8DC108794EA66E3F1E13A8416C36063B1CBA

Filesize
1.2MB

MD5
7f989991dce5b0294d2901504edbe81f

SHA1
c01c3fcdb42f7d8de78cdbdfc21f3829c6ac60a4

SHA256
e0cd846fdd9ffc98f47436fbc82512ba549af1f811f4c383d2eff97acc1e267d

SHA512
829be6072f9bdc02f16c3aecf65e32b7c7526e8bdd099b5f9b7b97659c753fa13aa0f54ea5d60ba5c5d4486481e19b519df50b70e60227cfecdd83d428c89997

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\940A9024808ADD71EE019DC29ABB6631B5E8AEB4

Filesize
13KB

MD5
1e2d588c26e626ad0ec0306d3c5c794a

SHA1
b838d83d6c93fe412d5b1013ed8a62ee846181af

SHA256
782ce6b563856e619c26b2e396ba02f01451e548177d83be1a56c50150423c43

SHA512
54bfca7838fa442c0986c952f41f0b6d7d9ccd693512697e62ace96d7e2caaf7461df798fc50e1a55e609ddc6d1396a9671bad0fd8046e34f84664caa0eeafb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\C18E0A1B0E7D7B5192D3774CD87753954B25DFAB

Filesize
27KB

MD5
c2ff64255e0779a56944ef77c0e6b057

SHA1
1ac66bae9485d64089b11a947d6d671e86e3608a

SHA256
ff5d69555407b5cec377c06180b3a82198e263ad09ce1d44057d94f7ea47e1bb

SHA512
4e16edf82a4c9af8a1a95b783dab378380ddc908eb3a997d9ae8296b21916194765749e2e0a03cc8b174fb69d7c7c4a6d17a86963d419f5147b2aa2a11b0142f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\CF233FA1EC1BA577BF92BBD74D6F3654DD4B85D0

Filesize
13KB

MD5
3ce27bf24303a7a257b6c52aed39f732

SHA1
8549081b21b3ef21cafeba1a9fd4143ceaaede54

SHA256
2b44790476a2bfc446ee44db5bc88276e33187c63c454725323b1e0fe9f41eb3

SHA512
b223d1fa76ea5bcfb339059a9b83e6d3aa8d75ed13406e6f2b3b6375bba49d7677f84660dab11e193f00761eca4a86049f99062331c1d64eaddfe37be3dfbc35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\E19E0FAAECDCC5A8599D84C74D3C579FAF2DCC99

Filesize
14KB

MD5
6c12893a7152676b13c1b56dd6e424b6

SHA1
abb1f39c42dd60f6b66ffc38da00a46241fb5de4

SHA256
9db191e55ea11e3e8c3fa684c49fd408613b2f33125a62f47f09e0e61e856681

SHA512
3ae49f5800d7abc9260d3441c734fd0af6e8b309c250e78ec7a8f60d454cafdead566b44484d9cf0099fbefa55f0edf9233dbb2f2fc47f3f2edf251cfebf4d20

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d25hmlvg.default-release\cache2\entries\E495400E3A4288495AA58035585EA7CA84254916

Filesize
633KB

MD5
5835b8dc182c1ca2b8b9937ff8db79c2

SHA1
cac98d5d1c70d82caacb3a51f29be0151744a743

SHA256
8f8b5bc50faee8ae7222a4971367416e03eb8a6a1e8046f042dc09ac79a78ac7

SHA512
19e47f3c503ae7ae888a8f41d4054c3ef88cb5e17832a9f109f94df5494fb5bf94f2d03f710ca817cbb3239f0f050a211ab10828defa279fb2a0c5c7ccaeaf88

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\prefs-1.js

Filesize
8KB

MD5
6b75d27d035bcc81478f02afd1a86585

SHA1
1061d2d8c08eef536c736d4b581cababf62d179b

SHA256
ded42bccaf33770a22d1fcc89b0164a96855c2f544918cf4cf79a6d52cda045e

SHA512
d3450ae8ec6549ea3f1f7812b3b749f17c2c9170e9520732995c970fbafb41ad8d6156494cf33617c34fbc754675d181f93b27a4fe14f0bf974015986cb6a497

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\prefs-1.js

Filesize
7KB

MD5
61ee821d1d05306b8f5df11fa0b2bb98

SHA1
8e05de094ab46ee79b6793cd6e1e6629bb293f2e

SHA256
c68645ccb7adc635f7b5c89911e2299bb1379f5c3bfa7c032bccbff5dc859d9d

SHA512
3ce53d18a4e29af9ea23f229036b196f5027dad79d9adff700c93b3c6832ae9f58e4d32080f139b2899a5e9957480fa914831f3d8ee2ec30c743ef1c44a5b3e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\prefs-1.js

Filesize
6KB

MD5
c84410daa069f3ad800f7131429b79be

SHA1
58737514ff17cc1115ca595e87478a07b313577f

SHA256
e16049df5fc463490a6e27916bfc419f98be1c680bf43d60631600cd3a8bd64f

SHA512
37ef915c60f2a4358e78428fc2da72fda43cda4b89f3269f048d0e0ae2e59db3edc0ad138e5174c77bb3dd0572467c36470b996b6b0efb06f21c5a5fb1e12aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\prefs.js

Filesize
6KB

MD5
0688e2da87eb8513cb9941cb2f56f0d4

SHA1
6a8654e1f649a0e067bca87eb65216483e8e901e

SHA256
875dc259a5d0cbd87a42761ca6651bbc87f01612afa865b1ee308152955a763a

SHA512
e0a117ca093ba493a8f00bcda79c4d5c1fe766fb8930daa5c820350473a89ce3d7c20597d71423484f4bab2ba7657c9a44f19f1ad26cac8b1d91b0304c0d8bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
52c86d27ebd61acbde9b62a0c4bf1d1f

SHA1
2664c342376c31f16abd9d12d1898e4125403c81

SHA256
166f9771adcf6ab8eee6ffbc815a0548f535ee2a1d3c5ff25ef14562bfc45eac

SHA512
0cbf4b3c0b8770b42d3cb64141c07faefb68430b42edc3300924d3007bc8be0ea29bfd29c4d74f3b671434c1c8e69ece650fc3c0fb0424d6abab81ad1513563f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
b032b58bc4b035020fd07bc094715899

SHA1
25a161c61fe01afe2179abc3ff4f6b23da2bbefe

SHA256
1c2400d72ee72d060f252895f899838aead60dbc710c4dc69cfaf04a35a31a12

SHA512
d3a4beb9a06fc414001aa9bb4643e46681c0930efecc31282da358d0c089555a2583999b9b357cb194baedd746ebc1e3e3a39c5c50e3b721d39b6463db8bf30c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
c227cd308ce2e3bb2c991d4e12c3ec99

SHA1
6b6365c44e9e49041560216f250f1860258a6649

SHA256
ae681cc5b7c1bb344590bddf25b257a82cd048721b4e51275c21349a5f326877

SHA512
af9004173b8d49a38360277ee42a7da08b3602e68b9cab9f56c3e8914d2fcef4a0b8a201b93bdd87e991d6cc325b1386f4a1a86f38d92f1e328cf96d4fc30e66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
409257cd8cbf6baf9d030ab24ad8c309

SHA1
04136a407a2aeb581da7ddb5c23d9896a87fab5e

SHA256
6d6d71593fee7c665bd8f46bc29552f64e8446b57c7f25a49e992554e22fcd46

SHA512
8532565f18f040a9978e187f5b447deb20b92b611cb9c077b8db304c0dcbfe81d385a1feb1a822c97c5b4340e9d5c796e1a91000eea2c1d0dbd5bca8a2971008

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
176KB

MD5
3997d2f7f95545a41aa78d928f56145e

SHA1
34e6e70d95fb3b1fc4b96cd740c6f19f1fe3c28f

SHA256
d59d58277a253967a5239bf318b17cc35bbfbb3f50126bfb6d26a607fc5ffc3a

SHA512
bbcf6020a70ef1d3d65202aebcc9bc37e9f25925e7d6b52409a154f40957af847628b2900d9085532a8a43a5ae2e15273f9c98ea30a0d3d95f0afc90c636281a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d25hmlvg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
5b29c4f98fb7afbadfb25b2b8a3c8b7c

SHA1
edce813323c2e7284a8cbec1fc6db79d200b8d05

SHA256
b9fa4ab7d7c8a89f877393ed53d4637af10d7ac55bc58600fe18249197232c40

SHA512
aeb55e46fa2e201fd74f89c950272b1d1adb442b07d3624e4addf6522d09365a05b99f78a2d3e9682da50a427cd665d115a6d683c6f7255f2e7ed70a158305e1

Download Submit